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Abstract. In a seminal paper from 1985, Sistla and Clarke showed that satisfiability 
for Linear Temporal Logic (LTL) is either NP-complete or PSPACE-complete, depending 
on the set of temporal operators used. If, in contrast, the set of propositional operators 
is restricted, the complexity may decrease. This paper undertakes a systematic study of 
satisfiability for LTL formulae over restricted sets of propositional and temporal opera- 
tors. Since every propositional operator corresponds to a Boolean function, there exist 
infinitely many propositional operators. In order to systematically cover all possible sets 
of them, we use Post's lattice. With its help, we determine the computational complexity 
of LTL satisfiability for all combinations of temporal operators and all but two classes 
of propositional functions. Each of these infinitely many problems is shown to be either 
PSPACE-complete, NP-complete, or in P. 
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1. Introduction 

Linear Temporal Logic (LTL) was introduced by Pnueli in |Pnu77j as a formalism for rea- 
soning about the properties and the behaviors of parallel programs and concurrent systems, 
and has widely been used for these purposes. Because of the need to perform reasoning 
tasks — such as deciding satisfiability, validity, or truth in a structure generated by binary 
relations — in an automated manner, their decidability and computational complexity is an 
important issue. 

It is known that in the case of full LTL with the operators F (eventually) , G (invariantly) , 
X (next-time), U (until), and S (since), satisfiability and determination of truth are PSPACE- 
complete |SC85j . Restricting the set of temporal operators leads to NP-completeness in 
some cases |SC85j . These results imply that reasoning with LTL is difficult in terms of 
computational complexity. 

This raises the question under which restrictions the complexity of these problems 
decreases. Contrary to classical modal logics, there does not seem to be a natural way to 
modify the semantics of LTL and obtain decision problems with lower complexity. However, 
there are several possible constraints that can be posed on the syntax. One possibility is to 
restrict the set of temporal operators, which has been done exhaustively in (SC85 [ lMar04] . 

Another constraint is to allow only a certain "degree of propositionality" in the lan- 
guage, i.e., to restrict the set of allowed propositional operators. Every propositional op- 
erator represents a Boolean function — e.g., the operator A (and) corresponds to the binary 
function whose value is 1 if and only if both arguments have value 1. There are infinitely 
many Boolean functions and hence an infinite number of propositional operators. 

We will consider propositional restrictions in a systematic way, achieving a complete 
classification of the complexity of the reasoning problems for LTL. Not only will this reveal 
all cases in this framework where satisfiability is tractable. It will also provide a better 
insight into the sources of hardness by explicitly stating the combinations of temporal 
and propositional operators that lead to NP- or PSPACE-hard fragments. In addition, the 
"sources of hardness" will be identified whenever a proof technique is not transferable from 
an easy to a hard fragment. 

Related work. The complexity of model-checking and satisfiability problems for several syn- 
tactic restrictions of LTL fragments has been determined in the literature: In [SC85l lMar04j . 
temporal operators and the use of negation have been restricted; these fragments have been 
shown to be NP- or PSPACE-complete. In jDS02j . temporal operators, their nesting, and 
the number of atomic propositions have been restricted; these fragments have been shown to 
be tractable or NP-complete. Furthermore, due to [CL93|, iDFROOj. the restriction to Horn 
formulae does not decrease the complexity of satisfiability for LTL. As for related logics, the 
complexity of satisfiability has been shown in [EES90] to be tractable or NP-complete for 
three fragments of CTL (computation tree logic) with temporal and propositional restric- 
tions. In [Hal95], satisfiability for multimodal logics has been investigated systematically, 
bounding the depth of modal operators and the number of atomic propositions. In [H emOlj . 
it was shown that satisfiability for modal logic over linear frames drops from NP-complete 
to tractable if propositional operators are restricted to conjunction and atomic negation. 

The effect of propositional restrictions on the complexity of the satisfiability problem 
was first considered systematically by Lewis for the case of classical propositional logic 
in [Lew 79] . He established a dichotomy — depending on the set of propositional operators, 
satisfiability is either NP-complete or decidable in polynomial time. In the case of modal 
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propositional logic, a trichotomy has been achieved in [BHSS06]: modal satisfiability is 
PSPACE-complete, coNP-complete, or in P. That complete classification in terms of restric- 
tions on the propositional operators follows the structure of Post's lattice of closed sets of 
Boolean functions |Pos41j . 

Our contribution. This paper analyzes the same systematic propositional restrictions for 
LTL, and combines them with restrictions on the temporal operators. Using Post's lattice, 
we examine the satisfiability problem for every possible fragment of LTL determined by 
an arbitrary set of propositional operators and any subset of the five temporal operators 
listed above. We determine the computational complexity of these problems, except for one 
case — where only propositional operators based on the binary xor function (and, perhaps, 
constants) are allowed. We show that all remaining cases are either PSPACE-complete, 
NP-complete, or in P. 

It is not the aim of this paper to focus on particular propositional restrictions that 
are motivated by certain applications. We prefer to give a classification as complete as 
possible which allows to choose a fragment that is appropriate, in terms of expressivity and 
tractability, for any given application. Applications of syntactically restricted fragments 
of temporal logics can be found, for example, in the study of cryptographic protocols: In 
[Low08| . Gavin Lowe restricts the application of negation and temporal operators to obtain 
practical verification algorithms. 

Among our results, we exhibit cases with non-trivial tractability as well as the smallest 
possible sets of propositional and temporal operators that already lead to N P-completeness 
or PSPACE-completeness, respectively. Examples for the first group are cases in which only 
the unary not function, or only monotone functions are allowed, but there is no restriction on 
the temporal operators. As for the second group, if only the binary function / with f(x, y) = 
(x Ay) is permitted, then satisfiability is NP-complete already in the case of propositional 
logic [Lew79]. Our results show that the presence of the same function / separates the 
tractable languages from the NP-complete and PSPACE-complete ones, depending on the 
set of temporal operators used. According to this, minimal sets of temporal operators 
leading to PSPACE-completeness together with / are, for example, {U} and {F,X}. 

The technically most involved proof is that of PSPACE-hardness for the language with 
only the temporal operator S and the boolean operator / (Theorem 13. 3p . The difficulty 
lies in simulating the quantifier tree of a Quantified Boolean Formula (QBF) in a linear 
structure. 

Our results are summarized in Table [TJ The first column contains the sets of proposi- 
tional operators, with the terminology taken from Definition 12.21 The second column shows 
the classification of classical propositional logic as known from [Lew 79] and |Coo71j . The 
last line in column 3 and 4 is largely due to |SC85] . All other entries are the main results of 
this paper. The only open case appears in the third line and is discussed in the Conclusion. 
Note that the case distinction also covers all clones which are not mentioned in the present 
paper. 

2. Preliminaries 

A Boolean function or Boolean operator is a function / : {0, l} n — > {0, 1}. We can 
identify an n-ary propositional connector c with the n-ary Boolean operator / defined by: 
/(oi, . . . , a n ) = 1 if and only if the formula c(x\, . . . , x n ) becomes true when assigning aj 
to Xi for all 1 < i < n. Additionally to propositional connectors we use the unary temporal 



4 



M. BAULAND, T. SCHNEIDER, H. SCHNOOR, I. SCHNOOR, AND H. VOLLMER 



set of temporal operators 
set of prepositional operators 





{F}, {G}, 
{F,G}, {X} 


any other 
combination 


all operators 1-reproducing or self-dual 


trivial 


trivial 


trivial 


only negation or all operators monotone 


in P 


in P 


in P 


all operators linear 


in P 


? 


? 


x A is expressible 


NP-c. 


NP-c. 


PSPACE-c. 


all Boolean functions 


NP-c. 


NP-c. 


PSPACE-c. 



Table 1: Complexity results for satisfiability. The entries "trivial" denote cases in which a 
given formula is always satisfiable. The abbreviation "c." stands for "complete." 
Question marks stand for open questions. 



operators X (next-time), F (eventually), G (invariantly) and the binary temporal operators 
U (until), and S (since). 

Let B be a finite set of Boolean functions and M be a set of temporal operators. 
A temporal B -formula over M is a formula tp that is built from variables, propositional 
connectors from B, and temporal operators from M. More formally, a temporal .B-formula 
over M is either a propositional variable or of the form f(tp%, . . . , tp n ) or g{tp\, . . . , tp m ), 
where tpi are temporal 5-formulae over M, f is an n-ary propositional operator from B 
and g is an m-ary temporal operator from M. In [SC85J, complexity results for formulae 
using the temporal operators F, G, X (unary), and U, S (binary) were presented. We extend 
these results to temporal .B-formulae over subsets of those temporal operators. The set 
of variables appearing in tp is denoted by V v . If M = {X, F, G, U, S} we call tp a temporal 
B -formula, and if M = we call ip a propositional B -formula or simply a B -formula. The 
set of all temporal .B-formulae over M is denoted by L(Af, B). 

A model in linear temporal logic is a linear structure of states, which intuitively can 
be seen as different points of time, with propositional assignments. Formally a structure 
S = (s, V, £) consists of an infinite sequence s = (sj)igN of distinct states, a set of variables 
V, and a function £ : {sj | i G N} — > 2 V which induces a propositional assignment of V for 
each state, be a structure and tp a temporal {A, -i}-formula over {X, U,S} with variables 
from V. We define what it means that S satisfies tp in S{ (S, Si\= ip): For a temporal {A, -i}- 
formula over {X, U,S} with variables from V we define what it means that S satisfies (p 
in Si (S,Si \= tp): let tp\ and tp 2 be temporal {A, ^}-formulae over {X, U,S} and x € V a 
variable. 

x G £(sj), 

S, Si \= tpi and S, Sj 1= tp 2 , 
S, SiY- tpi, 
S, Si+i \= tp\, 

there is a k > i such that S, Sk 1= tp 2 , 



S, s 
S, s 
S, s 
S, s 
S, s 



1= x 

1= <Pi A tp 2 
\= -iipx 

1= (piUip 2 



if and only if 
if and only if 
if and only if 
if and only if 
if and only if 



and for every % < j < k, S, Sj 1= tpi, 



S, Si 1= tp±Stp2 if and only if there is a k < i such that S, s& 1= tp 2 , 

and for every k < j < i, S, Sj \= tp\. 
The remaining temporal operators are interpreted as abbreviations: Ftp = true (Jtp and 
Gtp = -iF-i</2. Therefore and since every Boolean operator can be composed from A and 
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-i, the above definition generalizes to temporal 5-formulae for arbitrary sets B of Boolean 
operators. 

A temporal 5-formula <p over M is satisfiable if there exists a structure S such that 
S, Si \= ip for some state Sj from S. Furthermore, (p is called valid if, for all structures S and 
all states Sj from S, it holds that S, Si \= (p. We will consider the following problems: Let B 
be a finite set of Boolean functions and M a set of temporal operators. Then SAT(M, B) 
is the problem to decide whether a given temporal l?-formula over M is satisfiable. In 
the literature, another notion of satisfiability is sometimes considered, where we ask if a 
formula can be satisfied at the first state in a structure. It is easy to see that, in terms 
of computational complexity, this does not make a difference for our problems as long as 
the considered fragment does not contain the temporal operator S. For this paper, we only 
study the satisfiability problem as defined above. 

Sistla and Clarke analyzed the satisfiability problem for temporal {A, V, -i}-formulae 
over some sets of temporal operators, see Theorem 12.11 Note that, due to de Morgan's laws, 
there is no significant difference between the sets {A, V, ->} and {A, ^} of Boolean operators. 
For convenience, we will therefore prefer the former denotation to the latter when stating 
results. Furthermore, the original proof of Theorem 12.11 explicitly uses the operator V. 

Theorem 2.1 ( |SC85| ). 

(1) SAT({F},{A, V,-i}) is UP -complete. 

(2) SAT({F,X},{A,V,-}), SAT({U},{A, V,^}), and SAT({U, S, X}, {A, V, -.}) are PSPACE- 
complete. 

Since there are infinitely many finite sets of Boolean functions, we introduce some alge- 
braic tools to classify the complexity of the infinitely many arising satisfiability problems. 
We denote with id^ the ra-ary projection to the k-th variable, i.e., id^(xi, . . . , x n ) = Xf., and 
with c™ the n-ary constant function defined by c™{x\, . . . ,x n ) = a. For c\{x) and cj(x) we 
simply write 1 and 0. A set C of Boolean functions is called a clone if it is closed under 
superposition, which means C contains all projections and C is closed under arbitrary com- 
position |Pip97]. For a set B of Boolean functions we denote with [B] the smallest clone 
containing B and call B a base for [B]. In |Pos41j Post classified the lattice of all clones 
Figure [T]) and found a finite base for each clone. 

We now define some properties of Boolean functions, where © denotes the binary ex- 
clusive or. 

Definition 2.2. Let f be an n-ary Boolean function. 

• f is 1 -reproducing if /(l, . . . , 1) = 1. 

• f is monotone if a\ < &i, . . . , a n < b n implies f(ai, . . . , a n ) < f{b\, ■ ■ ■ , b n ). 

• f is i-separating if there exists an i E {1, . . . ,n} such that f(a±, . . . ,a n ) = 1 implies 
a>i = 1. 

• f is self-dual if f = dual(/), where dual(/)(xi, . . . ,x n ) = -if(pxi, . . . ,->x n ). 

• f is linear if f = x\ © • • • © x n © c for a constant c G {0, 1} and variables x\, . . . , x n . 

In Table [2] we define those clones that are essential for this paper plus four basic ones, 
and give Post's bases |Pos41] for them. The inclusions between them are given in Figure HJ 
The definitions of all clones as well as the full inclusion graph can be found, for example, 
in [BCBV03] . 

There is a strong connection between propositional formulae and Post's lattice. If 
we interpret propositional formulae as Boolean functions, it is obvious that [B] includes 
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Figure 1: Graph of some closed classes of Boolean functions 



Name 


Definition 


Base 


BF 


All Boolean functions 


{V,A,^} 


Ri 


{/ £ BF | / is 1-reproducing } 


{V,-} 


M 


{/ € BF | / is monotone } 


{V, A,0, 1} 


Si 


{/ £ BF / is 1-separating } 


{x Ay} 


D 


{/ / is self-dual} 


{xyVxzV{yAz)} 


L 


{/ | / is linear} 


{©,1} 


Lo 


[{©}] 


{©} 


V 


{/ | There is a formula of the form co V c\x\ V ■ ■ ■ V c n x n 
such that Ci are constants for 1 < i < n that describes /} 


{V,1,0} 


E 


{/ | There is a formula of the form co A (ci V Xi) A • • • A (c n 
such that ci are constants for 1 < i < n that describes /} 


Vi„) {A, 1,0} 


N 


{/ | / depends on at most one variable} 


{-,1,0} 


I 


{/ / is a projection or constant} 


{0,1} 


h 


{/ / is a projection} 






Table 2: List of some closed classes of Boolean functions with bases 



exactly those functions that can be represented by .B-formulae. This connection has been 
used various times to classify the complexity of problems related to propositional formulae: 
For example, Lewis presented a dichotomy for the satisfiability problem for propositional 
i?-formulae: SAT(0,£?) is NP-complete if Si C [B], and solvable in P otherwise [Lew79| . 

Post's lattice was applied for the equivalence problem [ReiOlj . counting [RW05] and 
finding minimal [RV03J solutions, and learnability [DalOOj for Boolean formulae. The tech- 
nique has been used in non-classical logic as well: Bauland et al. achieved a trichotomy in 
the context of modal logic, which says that the satisfiability problem for modal formulae is, 
depending on the allowed propositional connectives, PSPACE-complete, coNP-complete, or 
solvable in P [BHSS06]. For the inference problem for propositional circumscription, Nordh 
presented another trichotomy theorem [Nor05 . 

An important tool in restricting the length of the resulting formula in many of our 
reductions is the following lemma. It shows that for certain sets B, there are always short 
formulae representing the functions and, or, or not, respectively. Point (2) and (3) follow 
directly from the proofs in [Lew 79] . point (1) is Lemma 3.3 from |Sch05j . 
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Lemma 2.3. 

(1) Let B be a finite set of Boolean functions such that V C [B] CM (EC [B] C M, resp.). 
Then there exists a B-formula f(x,y) such that f represents x V y (x Ay, resp.) and 
each of the variables x and y occurs exactly once in f(x,y). 

(2) Let B be a finite set of Boolean functions such that [B] = BF. Then there are B- 
formulae f(x, y) and g(x, y) such that f represents xV y, g represents x Ay, and both 
variables occur in each of these formulae exactly once. 

(3) Let B be a finite set of Boolean functions such that N C [B] . Then there is a B-formula 
f(x) such that f represents —>x and the variable x occurs in f only once. 

3. Results 

Our proofs for most of the upper complexity bounds will rely on similar ideas as the 
ones in [BHSS06J, which are extensions of the proof techniques for the polynomial time 
results in [Lew 79]. However, the proof of our polynomial time result for formulae using the 
exclusive or (Theorem I3.8P will be unrelated to the positive cases for XOR in the mentioned 
papers. 

The proofs for hardness results will use different techniques. Hardness proofs for uni- 
modal logics usually work in embedding a tree-like structure directly into a tree-like model 
for modal formulae. Naturally, this approach does not work with LTL which speaks about 
linear models. Hence, in the proof of Theorem 13.31 we will encode a tree-like structure into 
a linear one, and most of the complexity of the proof will come from the need to enforce a 
tree-like behavior of linear models. 

3.1. Hard cases. The following lemma gives our general upper bounds for various combi- 
nations of temporal operators. It establishes that the known upper complexity bounds for 
the case where only the propositional operators and, or, and negation are allowed to appear 
in the formulae still hold for the more general cases that we consider. This does not follow 
trivially, since there is no obvious strategy that converts every i?-formula into a formula 
using only the standard connectives without leading to an exponential increase in formula 
length. The issues here are similar to the "succinctness gap" between the logics LTL+Past 
and LTL discussed in |Mar04j . The proof of Parts (1) and (2) of the following lemma is a 
variation of the proof for Theorem 3.4 in [BHSS06J, where, using a similar reduction, an 
analogous result for circuits was proved. 

Lemma 3.1. Let B be a finite set of Boolean functions. Then the following holds: 

(1) If M C {F,G,U,S,X} ; then SAT(M, B) is in PSPACE, 

(2) ifM C {F,G} ; then SAT(M,B) is in NP, and 

(3) ifM C {X} ; then SAT(M,B) is also in NP. 

Proof. For (1), we will show that SAT(M, B) <™ g SAT({U, S, X} , {A, V, -.}), and for (2), 
we will show that SAT(M,B) <„ g SAT({F} , {A, V, ->}). The complexity result for these 
cases then follows from Theorem 12.11 

The construction for (1) and (2) is nearly identical: Let <p be a formula with arbitrary 
temporal operators and Boolean functions from B. We recursively transform the formula 
to a new formula using only the Boolean operators A, V, and -i, and the temporal operators 
U, S, and X for the first case and the temporal operator F for the second cases. For this we 
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construct several formulae, which will be connected via conjunction. Let k be the number 
of subformulae of 92. Accordingly let ipi,... ,ifj, be those subformulae with 92 = ip\. Let 
Xi, . . . ,Xk be new variables, i.e., distinct from the input variables of (p. For all i from 1 to 
k we make the following case distinction: 

• If ipi = y for a variable y, then let fi((p) = Xj <-> y. 

• If ipi = Xipj , then let fi (92) = x« <-> Xxj . 

• If ipi = f-(fj, then let fi((p) = Xi <-> Fxj. 

• If </?j = G(/Pj, then let /j(<£>) = Xj <-> Gxj. 

• If </?i = tpjUifi, then let /j(<£>) = Xj <-> XjUxp. 

• 11 ifi = (pjSipi, then let = Xj <-> XjSx£. 

• If ifi = gfan ,...,ip in ) for some g € B, then let /*(<£>) = Xi <-> /i^ , . . . , x in ), where /i is 
a formula using only A, V, and -1, representing the function g. 

Such a formula h always exists with constant length, because the set B is fixed and 
does not depend on the input. Now let f(<p) = x\ A Ai=i(G/i(9?) A ^{true S-i for case 
(1) and f(ip) = x\ A Ai=i G /?(</?) f° r case (2)- The part Gfi(<p) makes sure that fi(tp) holds 
in every future state of the structure and —>(trueS—ifi(ip))) does the same for the past states 
of the structure. Additionally we consider x <-> y as a shorthand for (x A y) V (->x A For 
case (1) we consider F shorthand for true Ux and G shorthand for ^(true U-ix), 

and for case (2) we consider Gx as a shorthand for -1F-1X. Thus we have that f(<p) is from 
L({U,S,X},{A,V,^}) in case (1) and from L({F}, {A, V, -■}) in case (2). Furthermore / 
is computable in logarithmic space, because the length of fi is polynomial and neither <-> 
nor the formulae h occur nested. In order to show that / is the reduction we are looking 
for, we still need to prove that 99 is satisfiable if and only if f(<p) is satisfiable. Assume an 
arbitrary structure S, such that S,Si 1= f(ip) for some Sj. We first prove by induction on 
the structure of the formula that Xj holds if and only if ipi holds in every state s of S (for 
(1)) respectively in every state which lies in the future of Sj (for (2)). Therefore for (1) let 
s be an arbitrary state and for (2) let s be an arbitrary state in the future of s«. Thus by 
construction of f{ip) the formulae f p (<p) hold at s for all 1 < p < k. Then the following 
holds: 

• If if p = y for a variable y, then f p ((f) = x p <-> y and trivially S, s \= x p iff S, s \= y. 

• If <p p = X(fj, then f p (<f) = x p <-> Xxj. Thus S, s \= x p iff for the successor state s' of s, 
we have S, s' \= Xj . By induction this is equivalent to S, s' \= ipj and therefore S, s \= ip p iff 
*S*, s N x p . 

• The cases for the temporal operator F or G work analogously. 

• If (p p = ipj[}(pg, then f p (ip) = x p <-> XjUx^. Thus S, s 1= x p iff there exists a state s' in the 
future of s, such that S, s' 1= X£ and in all states s m in between (including s) S, s m \= Xj. 
By induction this is equivalent to S, s' \= ipg and for all states in between S, s m \= ipj and 
therefore S, s \= (p p iff S, s \= x p . 

• If ip p = (pjS(pg, then f p (tp) = x p <-> XjSx^. Thus S, s \= x p iff there exists a state s' in the 
past of s, such that S,s' \= X£ and in all states s m in between (including s) S,s m \= Xj. 
By induction this is equivalent to S, s' \= <pg and for all states in between S, s m \= ipj and 
therefore S, s \= <p p iff S, s \= x p . 

• If ifp = g(ifi 1 , • • • , then f p (ip) = x p <-> ^.(x^ , . . . , Xj n ), where /i is a formula using 
only A, V, and representing the function g. Thus S 1 , s 1= x p iff 5, s N ^(x^ , . . . , Xj n ). Let 
I be the subset of I n = {i±, . . . , i n }, such that 5, s \= x m for all m € / and S 1 , s \= ^x m for 
all m G I n \I. By induction 5, s 1= </? m for all m £ I and S,s \= -"p m for all m € I n \ / and 
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therefore S,s \= h^p^ , . . . , Pi n )- Since h represents the function g, we have that S, s 1= <p p 
iff S, s 1= x p . 

Now, assume that f(ip) is satisfiable. Then there exists a structure S, N /(<£>) and 
thus S*, Sj 1= x\. Since in every state Xj holds if and only if pj holds, we have that S, Sj \= 
p = p>\. For the other direction, assume that p is satisfiable. Then there exists a structure 
S, Si t= <p = <pi . Now we can extend S by adding new variables x\, . . . , Xk in such a way, that 
Xj holds in a state s from if and only if pj holds in that state. Call this new structure 
S'. Then by construction of f(p), we have S', Si \= f(p), since in every state Xj holds if and 
only if ifj holds. This concludes the proof of the first two cases. 

We now show (3). For a formula p in which X is the only temporal operator, let depth x (i^) 
denote the maximal nesting degree of the X-operator in <p, which we call the X-depth of 
p. It is obvious that this number is linear in the length of p. Therefore, to show that the 
problem can be solved in NP, it suffices to prove the following: 

(a) Such a formula p is satisfiable if and only if there is a structure S with the sequence 
(sj)jgN such that for every i > depth x (9?) , every variable in Sj is false, and S, so |= <f>- 

(b) Given the assignments to the variables in the first depth x (<p) states in the structure 
above, it can be verified in polynomial time if S, so \= p. 

These claims immediately imply the complexity result. For the first point, it obviously 
suffices to show one direction. Therefore, let S be an arbitrary structure with sequence 
(sj)i g N such that S, so \= p, and let S' be the structure with sequence (s^eN obtained from 
S as follows: For i < depth x (99) , the assignment of the variables in the state is the same 
as in Sj. For i > depth x ((/9) , every variable is false in s^. To prove claim (a) above, it suffices 
to prove that S',s f \= p. 

To show this, we prove that for every subformula ip of tp and every i < depth x (<p) , if 
depth x (?/>) < depth x (( / 9) — i, then S, Si \= tp if and only if S", \= ip. For i = and ip = p, 
this implies the desired result S',s' \= p. 

We show the claim by induction on the formula ip. If tp is a variable, then, by con- 
struction, S', s',i \= t/j if and only if S, Si \= ip, since the truth assignments of and Si are 
identical. Now let ip be of the form f(ipi, ■ ■ ■ , ip n ) for an n-ary function / G B. In this case, it 
immediately follows that depth x (-(/>) = max {depth x (^i) , . . . , depth x (?/>n)} . Because of the 
prerequisites, depth x (^) < depth x (9?) — i, and hence we know that for each j G {1, . . . , n} , 
it holds that depth x (?/>,,•) < depth x ((^) — %. Therefore, we can apply the induction hypothesis 
to all of the ipj, and we know that S, Si \= ipj if and only if S' , \= ipj. This immediately 
implies that S,Si\= ip if and only if S', s[ \= ip, since / is a Boolean function. 

Finally, let ip be of the form X£ for some formula £. Hence, depth x (?/>) = depth x (£) + 1. 
Since depth x (?/>) < depth x ((^) — i, this implies that depth x (^) < depth x ((^) — {i + 1). 
Hence, we can apply the induction hypothesis, and conclude that S, Sj+i |= £ if and only if 
S',s' i+1 \= £. This immediately implies that S, Si \= ip if and only if S', \= ip, and hence 
concludes the induction and the proof of claim (a). 

For claim (b), assume that p and the truth assignments for the first depth x (c^) states 
in the structure S are given, where all variables are assumed to be false in all further states. 
We can now, for each subformula ip of p, mark those states Si (for i < depth x (<^)) in which 
ip holds. Starting with j = 0, consider the subformulae of X-depth j. The question if a 
formula of X-depth j holds at a given state can easily be decided when this is known for 
all formulae of lower X-depth. For j = 0, this can be decided easily, since the subformulae 
of X-depth are exactly the propositional subformulae, and for these, each state can be 
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considered separately. Additionally, observe that in the structure S, all states beyond 
the first depth x ((£>) states satisfy exactly the same set of sub formulae of ip, hence only 
depth x ((£>) + 1 many states need to be considered. □ 

The following two theorems show that the case in which our Boolean operators are 
able to express the function x Ay, leads to PSPACE-complete problems in the same cases 
as for the full set of Boolean operators. This function already played an important role in 
the classification result from [Lcw79j, where it also marked the "jump" in complexity from 
polynomial time to NP-complete. 

Theorem 3.2. Let B be a finite set of Boolean functions such that Si C [B]. Then 
SAT({G,X},5) and SAT({F,X},5) are PSPACE-complete. 

Proof. Since it is possible to express F using G and negation, Theorem 12.11 implies that 
SAT({G,X},{A,V,^}) and SAT({F,X}, {A, V, ->}) are PSPACE-hard. Now, let ip be a for- 
mula in which only temporal operators G and X, or F and X, and the Boolean connectives 
A, V, and -i appear. Let B' = B U {1}. The complete structure of Post's lattice [BCRV03 j 
shows that [B'] = BF. Now we can rewrite ip as a i?'-formula with the same temporal oper- 
ators appearing. Due to Lemma [231 we can express the crucial operators A, V, -> with short 
iJ'-formulae, i.e., formulae in which every relevant variable occurs only once. Therefore, 
this transformation can be performed in polynomial time. Now, in the ^'-representation of 
ip, we exchange every occurrence of 1 with a new variable t, and call the result ip' , which 
is a 5-formula. It is obvious that <p is satisfiable if and only if the l?-formula ip' At A Gt 
is. Since B 3 Si, we can express the occurring conjunctions using operators from B (since 
these are a constant number of conjunctions, we do not need to worry about needing long 
i?-formulae to express conjunction). This finishes the proof for SAT({G, X}, B). For the 
problem SAT({F, X}, B), observe that the function g{x,y) = x Ay generates the clone 
Si, and therefore there is some I?-formula equivalent to g. Now observe that the formula 
t A F(i A Xt) = g(t, F(g(t, Xt))) is equivalent to Gt. Since this formula is independent of the 
input formula ip, this can be computed in polynomial time, and therefore this formula can 
be used to express ip' At A Gt in the same way as in the first case. Additionally, observe that if 
the operator F appears in the original formula ip, then a subformula Ftp can be expressed as 
(1UV0. Hence we conclude from Theorem \2JM that SAT({U, X}, BF) is PSPACE-complete. 

□ 

The construction in the proof of Theorem 13.21 does not seem to be applicable to the 
languages with U and/or S, as it requires a way to express Gt using these operators. Hence, 
proving the desired completeness result requires significantly more work. Note that the 
case where B contains the usual operators and, or, and negation, has already been proved 
in |Mar04j . Our construction shows that hardness already holds for a class of propositional 
operators with less expressive power. 

Theorem 3.3. Let B be a finite set of Boolean functions with Si C [B]. Then SAT({S},-B) 
and SAT({U},fi) are PSPACE-complete. 

Proof. Since membership for PSPACE is shown in Lemma f3.1l we only need to show hardness. 
To do this, we give a reduction from QBF. The main idea is to construct a temporal B- 
formula that requires satisfying models to simulate, in a linear structure, the quantifier 
evaluation tree of a quantified Boolean formula. Once we have ensured that models for the 
formula in fact are of this structure, we can prove that the quantified formula evaluation 
problem reduces to SAT({S}, B). 
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First we prove an auxiliary proposition for formulae of a special form which we use as 
building blocks in the construction. Intuitively the claim states that, given some preposi- 
tional formulae tp\, . . . , ip n that are pairwise contradictory, we can express that a model has 
a subsequence of states such that ipi holds in the z-th of these states. 

We cannot enforce that the z'-th state always satisfies the z-th formula, since the truth 
of an LTL-formula using only S as a temporal operator is invariant under transformations 
of models that simply repeat a state finitely many times in the sequence. 

Claim 1. Let ip\, . . . ,cp n be satisfiable propositional formulae such that ipi — * —itpj is valid 
for all i, j 6 {1, . . . , n} with i ^ j. Then the formula 

ip = pi A ((piS(ip 2 S(. . . S((p n -iStp n ) ...))) A ((.. . (((piS(p 2 )Sip 3 )S . . . )Stp n ) 

is satisfiable and every structure S that satisfies ip in a state s m fulfills the following property: 
there exist natural numbers = ao < a\ < • • • < a n < m + 1 such that m — ai < j < m — a%—x 
implies S, Sj 1= tpi for every i G {1 . . . , n}. 

Proof. Clearly (p is satisfiable: since all formulae ipi are satisfiable we can find a structure 
S such that S, s, 1= (p n -i for all i £ {0, . . . , n — 1}. One can verify that S satisfies (p in s n _i. 

Let S be a structure that satisfies ip in a state s m . Since <pi — > -xpj is valid for all 
i,j € {1, . . . ,n} with i ^ j, in every state only one of the formulae tpi can be satisfied 
by S. Therefore and since S,s m \= ipiS(tp2S(. . .S(ip n -iSip n ) . ..)) holds, there are natural 
numbers = ao < a\ < • • • < a n -\ < a n < m + 1 such that m — ai < I < m — a\-\ 
implies S, s/ 1= <pi for every i 6 {1..., n}. Since S, s m \= ip±, it holds that a\ > 0. Because 
S,s m 1= (. . . (((piS(p2)S(p3)S . . . )S(p n we conclude that a\ < ■ ■ ■ < a n _i, which proves the 
claim. □ 

Now we give the reduction from QBF, which is PSPACE-complete due to [Sto77| . to 
SAT({S},-B). Let ip = Q\X\ . . . Q n x n (p for some propositional {A, V, -i}-formula ip with 
variables x\, . . . ,x n and for quantifiers Q\, . . . , Q n G {V, 3}. 

Let ly = {pi, . . . ,pk} = {i \ Qi = V} and h = {qi, ■ ■ ■ ,qi} = {i \ Qi = 3} such that 
Pi < ■■■ <Pk and qi < ■■■ < qi. 

We construct a temporal formula ip' E L({S},-B) such that ip is valid if and only if 
ip' is satisfiable. Let to, . . . ,t n ,uo, ■ ■ ■ ,u n be new variables. We start with defining some 
subformulae using propositional operators from {->, V, A}, then we combine them to obtain 
ip' , and afterwards turn ip' into a temporal l?-formula. 

a = u A to A (u A to)S((W A to)S(uo A to))) A (((u A to)S(u^ A to))S(u? A to)) 

(ui-i A ti-i A m AU A x^)S (((((ttj-i A A u, A U A xp) 

((ui-i A ti-i AHi Ati A 3^)5 S(uj_i A A ul A U A xp)) 

{(u^ A ti-i A i*7 A ti A x^)S S(u7ZT A A ul A U A xp)) 

({ujZ\ A ti-i A ui A U A Xi)S Spul^T A t l -\ A m A U A xp)) 

((itTZT A Aul AU A Xi)S Spul^T A Aul AU A xP)) 

(ul^T A U-i Aul Ati A Xi))))) S(ul^[ A U-i A ul A U A xp) 
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7 1 [i] = A A m A U A sc»)S 



7 2 [i] = A tf_i A Ui AU A Xi)S 



{{ui-x A ti-i A Ui A U A XijS 



((ui-i A U-i Aui AU A Xi)S 



({ui-i Ati-t Au.AU Axi))) 



{{ui-x A U-i A Ui A U A x % ))) 



The formula a initializes a model as follows: it sets uo^o i n the current state and requires 
that in the past there is a state with upo and all states in between satisfy upo- We will 
use /3 [i] and f3 2 [i] for V-quantified variables Xj to partition the states such that xi is true 
in one partition and false in the other. Finally, we need 7 1 [i] and 7 2 [i] to set the values for 
the 3-quantified variables. 

We now define the formula tp', which constitutes the reduction. 



The formula tp' as defined above is specified as a formula using the connectives and, 
or, and not. Before proving the correctness of the reduction, we show how ip' can be 
rewritten using only the available connectives from B. Due to the prerequisites, we know 
that Si C [B]. From the complete structure of Post's lattice [BCRV03J, it follows that 
[B U {1}] = BF. Let B' denote the set B U {1}. Since, due to Lemma 12.31 conjunction, 
disjunction, and negation can be written as S'-formulae such that every relevant variable 
appears only once, we can rewrite ip' into a temporal i?'-formula with the result growing only 
polynomially in size (and the transformation can be carried out in polynomial time). Hence 
we can regard ip' as a temporal i?'-formula. Now, since [B] D Si, and the anc/-function is an 
element of Si, there is a l?-formula and£(x, y) which is equivalent to x A y (but both x and 
y might occur more than once in ands(x,y)). Now consider the propositional conjunctions 
of up to 5 literals occurring in the subformulae j3 J [i\, 7 J [i], and a of ^ , and recall that in 
the above step, we have rewritten these into formulae that only use connectives from B 
and the constant 1. For each such conjunction ifa, let ip[ lt be the formula obtained from 
V'lit by exchanging each occurrence of the constant 1 with the new variable t. Now the 
formula ands(t, ^ t ) is equivalent to ipm A t. We can therefore replace all formulae Vnt 
with ands(t, V'lit), and obtain a formula which is equivalent to ip' , but additionally forces 
the new variable t to true in all the affected states. The remaining conjunctions occurring 
in the subformula a can simply be rewritten using the ands(x, y)-formula — there is only a 
constant number of these, hence this rewriting can be done in polynomial time. 

It remains to deal with conjunctions on the outmost level of ip' , i.e., the three con- 
junctions connecting the different parts of the formula and the conjunctions over all i € ly 
and i G I3. We first re-arrange these conjunctions as a formula which is a binary tree of 
logarithmic depth. Then each conjunction can be replaced by using the formula ands(x, y) 
defined above. Since the nesting degree of the conjunction (and hence of applications of 
and j e(x,y)) is only logarithmic, this transformation leads to a formula which is polynomial 
in the length of the original representation of ■*/>', and can be carried out in polynomial time. 

The result of these transformations is a temporal l?-formula which is equivalent to tjj', 
apart from forcing the newly-introduced variable t to true in all worlds in all models of 
ip' that lie in the scope of the relevant temporal operators. In particular, this formula is 
satisfiability-equivalent to if)'. Hence it suffices to prove that the reduction is correct with 
respect to if)', i.e., that ip' is satisfiable if and only if the original QBF-instance ip evaluates 



ip' = a A /\((^[i\A(3 2 \i})St ) A /\(( 7 1 W V 7 2 H)Sto) A fe>St ) 
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to true. For this, we first give a characterization of models satisfying ip' , which establishes 
that models for this formula are indeed "flat versions of quantifier-trees." 

Hence assume that S is a structure that satisfies ip' in a state s m . We prove by induction 
over n that there are natural numbers = ao < • • • < a 3 ^ 2 k ) < m + 1 an d for every 
q G I3 a function a q : {0, l} 9-1 — > {0, 1} such that 5 satisfies the following property: if 
m — a,i < j < m — aj_i, then it holds for all h that 

(1) S,sj t= x Ph iff r 3(2 fc_ fe) l is even, 

(2) 5, Sj \= x qh iff cr qh (ai . . . , a qh -i) = 1 where = 1 if xj G C( s i) an d a d = otherwise, 

(3) N t iff i = 3(2 fc ), 

(4) 5, sj t= t Ph iff i = c ■ 3(2 fc - h ) for some c 6 N, 

(5) S, sj \= t qh iff S, Sj \= t Ph -i, 

(6) S, Sj t= Uo iff i = 1, 

(7) 5, N u Ph iff t = c • 3(2 k ~ h ) + 1 for some c G N, 

(8) 5, 1= u qh iff 5, 1= Up h -\. 

Note that due to point [T] for every possible assignment it to , . . . , x Pk } there is a j G 
{m— a 3 / 2 fe)+l, • • • , such that S 1 , Sj 1= x Pi if and only if Tr(x Pi ) = 1. This is the main feature 
of the construction. The other variables ti and m are necessary to ensure this condition. 
Figure [2] depicts the buildup of structures resulting from these eight properties. The states 
shown are necessary in a model for ip' , however there can be more states in between but 
those have the same assignment as one of the displayed states. The assignment for the 
V-quantified variables x Pl , . . . , x Pk is given for all states and one can see that all possible 
assignments are present. Assignments to the 3-quantified variables are not displayed because 
they can differ from structure to structure. The variables Ui,ti label all states which set 
them to true. 

For n = it holds that ip' = a A (ipS to). Since a satisfies the prerequisites of the claim 
above, there exist natural numbers = ao < a\ < CL2 < «3 < m + 1 such that 

• m — ai<j<m — ao implies S, Sj 1= no A to 

• m — 0,2 < j <m — a\ implies S, Sj \= uo A to 

• m — 03 < j < m — a-i implies S, Sj \= uo A to 

The only occurring variables are uo and to and it is easy to see that the above property of 
S holds for both. 

For the induction step assume that n > 1 and the claim holds for n — 1. There are two 
cases to consider: 

Case 1: Q n = V. That means 

ip' = a A /\ ((^[i] A /3 2 H)St ) A f\ ((VW V 7 2 W)St ) A (pSto) 

iely\{n} iel 3 

A((/?V] A/? 2 [n])St ) 

It follows that there are natural numbers = ao < • • • < a 3 ( 2 fc-i) < m+1 and for every q G Ig 
a function o q : {0, — > {0, 1} such that S fulfills the properties of the claim (note that 
the subformula (ipSto) is not necessary for our argument). Since S,s m \= {(3 [n] A /3 2 [n])Sto 
and for m — a 3 ( 2 fe-i) < j < m it holds that S, Sj \= to if and only if j < m — a3(2 fc - 1 )-ii we 
have S, Sj \= ^[n] A f3 2 {n] for every m — a 3 ( 2 fc-i)_i < j < m. Let i = c ■ 3 for some c G N, 
then it holds that m — a^+i < j < m — a« implies S, Sj \= u n -\ which means that for these 
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to ■ ■ ■ t n x Pl . . . x Pk _ 2 x ph _ 1 Xp 



x Pl . . . x Pk _ 2 x Pk _ 1 x Pk 



u Pk . . . u n x Pl . . . x Pk _ 2 x Pk _ 1 x Pk 



tp k ■ ■ - tn X pi . . . X pk 2 X pk _ 1 X pk 



x Pl . . . x Pk _ 2 x Pk _ 1 x Pk 



u Pk _ 1 . . . u n x Pl . . . x Pk 2 x Pk _ 1 x Pk 



tpk-i • • • *n x Pl . . . x Pk 2 x Pk l x Pk 



tp k ■ ■ ■ t n x Pl . . . x Pk _ 2 x Pk _ 1 x Pk 



Xp x . . . Xp k _ 2 x Pk _ 1 x Pk 



u Pk _ 2 . . . u n x Pl . . . x Pk _ 2 x Pk _ 1 x Pk 



tpk-l ■ ■ ■ X Pl ■ ■ ■ X Pk-2 X Pk~l X Pk 



x Pl . . . x Pk _ 2 x Pk _ 1 x Pk 



u p k ■ ■ ■ u n x pi ■ ■ ■ x Pk-2 X Pk-l X Pk 



tpk ■ ■ - tn x pi ■ ■ ■ x Pk-2 X Pk-l X Pk 



X P\ ■ ■ ■ X Pk-2 X Pk-l X Pk 



Uq . . . u n x Pl . . . Xp k _ 2 Xp k _ x Xpk 



0" 



2 3-(2 fc ) 



Q Sm_a 3-(2'=-l) + 2 



6 



6- 
6- 

6- 

i- 
6- 

6- 



'm-a , k 



3-(2»-l) + l 



s m a 3 . (2 fc_2) + 2 



-*3-(2 fc -2) + l 



-*3-(2 fc -3) + 2 



■"3 (2" -3) + l 



*3-(2« -4) + 2 



*3-(2«-4) + l 



m — a 3 



Figure 2: Structure of models of tjj' in the proof of Theorem 13.3 
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states Sj it holds that S, Sj \= u n -\ A t n _i A u n A t n A x n . Due to our proposition there are 
natural numbers = b l < b\ < ■ ■ ■ < b % G < 04 + 1 such that 

• a* — b\ < j < di — b implies S, Sj 1= u n _i A t n -i A u n A t n A 

• di — b\ < j < di — b\ implies 5, Sj \= u n -\ A t n -\ A A t n A 

• di — b\ < j < di — b l 2 implies 5, Sj \= u n -\ A t n -\ A A t n A 

• di — b\ < j < di — b\ implies 5, Sj \= u n -\ A t n -\ A u n A t n A x n 

• di — b\ < j < di — b\ implies 5, Sj \= u n -\ A t n -i A A t n A x n 

• di — Vq < j < di — b\ implies 5, Sj \= u n _i A t n -\ A A i„ A x n 

The nearest state before s m - ai that satisfies w n -i is s m - ai+1 and the nearest state before 
s m - ai that satisfies i n _i is s m _ ai+2 , therefore it holds that b\ = aj+i — di and 65 = aj +2 — di. 
By denoting 6*- + 04 with c 2 j+j we define natural numbers Co, . . . , c 3 ( 2 fc) for which it can be 
verified that they fulfill the claim. 
Case 2: Q n = 3. In this case we have 

iP' = a A f\ (((3 1 [i]Af3 2 [i])St ) A /\ (( 7 1 b1 V 7 2 H)Sto) A (pSto) 
ie/v ieia\{n} 

A(( 7 1 NV 7 2 [n])Sio). 

Because of the induction hypothesis there are natural numbers = do < a\ < ■ ■ ■ < a 3 ( 2 fc) < 
m + 1 such that the required properties are satisfied. Analogously to the first case S, Sj N 
7 1 [n] V 7 2 [n] is true for every m — d 3 ^ 2 k ) < j <rn. Let i = c-3, then for m — dj + i < j < m — di 
it holds that 5, Sj 1= u n _i A i n _i Au n At n Ax n or 5, Sj t= « n -i A i n _i Au„ At n A x^, because 
5, Sj 1= n„_i. For m — Oj +2 < j < m — Oj+i we have that S, Sj 1= u n -\ A t n _i Au^ At n A x n 
or 5, Sj 1= Uj_ n A ti- n A A t n A ~x~^ and for m — ^+3 < j < m — aj +2 it must hold 
5, Sj 1= u^Zi At n -i A% At n Ax n or 5, Sj 1= u^TJ At n _i Au^At n Ax^. If 5, s 0j 1= 7 1 [n], then 
in all these states x^ is satisfied; if S, s ai 1= 7 2 [n], then x n is. Therefore with cr n defined by 

<j n {d\, . . . , d n -i) = 1 if and only if S, s 3 (d l2 n-2 H ^d n _ 1 2°) ^ 7 2 N> the induction is complete, 

because the binary numbers correspond to the assignments to the V-quantified variables. 
Note that for a structure that satisfies if)' with the above notation, S, Sj \= ip holds for every 
m — a 3 ( 2 fc) < j < m, since ipS to is a conjunct of ip'. 

Now assume that ip' is satisfiable in a state s m of a structure S. This is if and only if 
for every q E Ig there is a function o" 9 : {0, l} 9-1 — > {0, 1} such that S fulfills the above 
property. Hence each possible assignment J to the V-quantified variables {x Pl , . . . , x Pk } can 
be extended to an assignment to {x%, . . . , x n } by J{x qi ) = a qi {J{x\), . . . , J{x qi -\)) which is 
equivalent to the validity of ip. We can prove PSPACE-hardness for SAT({U},-B) with an 
analogous construction. □ 

In the following, we use the result from Lewis [Lew 79] and the previously established 
upper bounds to obtain NP-completeness results: 

Proposition 3.4. Let B be a finite set of Boolean functions such that Si C [B]. Then 
SAT({F},5), SAT({G},£), SAT({F, G}, B), and SAT({X}, B) are HP-complete. 

Proof. Trivially, it holds that SAT(0, B) <^ g SAT(M, B) for each set M of temporal op- 
erators, and SAT(0,i?) is NP-complete due to [Lew79| . The upper bound follows from 
Theorem 12 . 1IH I and Lemma 13.11 □ 
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3.2. Polynomial time results. The following theorem shows that for some sets B of 
Boolean functions, there is a satisfying model for every temporal l?-formula over any set of 
temporal operators. These are the cases where B C R l5 or B C D. In the first case, every 
propositional formula over these operators is satisfied by the assignment giving the value 
1 to all appearing variables. In the second case, every propositional f?-formula describes a 
self-dual function. For such a formula it holds in particular that if it is not satisfied by the 
all-zero assignment, then it is satisfied by the all-one assignment. Hence, such formulae are 
always satisfiable. It is easy to see that this is also true for temporal formulae involving 
these propositional operators. 

Theorem 3.5. 

(1) Let B be a finite subset of Ri. Then every formula p from L({F, G, X, U, S},S) is 
satisfiable. 

(2) Let B be a finite subset of D. Then every formula ip from L({F, G, X, U, S}, B) is satis- 
fiable. 

Proof. 

(1) Since Ri is the class of 1-reproducing Boolean functions, any ip € Ri is true under the 
assignment that makes every propositional variable in ip true. If we apply this fact to 
formulae ip G L({F, G, X, U, S}, B), then it is easy to see that any such formula p is true 
in every state of a structure S v where the assignment of every state is V v . 

(2) We show by induction on the operators that this holds for all formulae. Let S 1 (S°) 
denote the structure where the assignment of every state is V v (0, resp.) and let s 1 (s°, 
resp.) be the first state. We claim that ip £ L({F, G, X, U, S}, B) is satisfied by S 1 iff 
ip is not satisfied by S°. If p is purely propositional the claim holds trivially. We now 
have to look at the following cases: 

• ip = Fpi: Assume the claim holds for 991. Since for all states s in S 1 the submodel 
starting at s are isomorphic, obviously tp is satisfied by S 1 iff Ftp is satisfied by S 1 
and the same argument also holds for S°. Thus S°, s° ¥ p iff S 1 , s 1 \= p. 

• p = G(p±: This works analogously to F. 

• p = Xp±: This also works analogously to F. 

• <p = (p 1 {Jp 2 : Assume the claim holds for 992- Then S°,s° ¥ p iff S°,s° ¥ <p 2 iff 
S 1 , s 1 \= p2 iff S 4 , s 1 1= <p. 

• ip = ip 1 Sip2- This works analogously to U. 

• p = f(ipi, . . . , tfn), such that / is a self-dual function from B: Assume the claim holds 
for pi, 1 < i < n, i.e., S 1 , s 1 1= <pi iff S°, s° ¥ p\. Then S 1 , s 1 ¥■ f{p\, . . . , p> n ) implies 
S°, s° \= f{ipi, ...,p n ) and S 1 , s 1 \= f((p u ...,p n ) implies S°, s° ¥ f((pi, ...,<p n ). □ 

The following two theorems prove that satisfiability for formulae with any combination 
of modal operators, but only very restricted Boolean operators (i.e., negation and constants 
in the first case and only disjunction, conjunction, and constants in the second case), is 
always easy to decide. 

Theorem 3.6. Let B be a finite subset o/N. Then SAT({F, G, X, U, S}, B) can be decided 
in polynomial time. 

Proof. We give a recursive polynomial-time algorithm deciding the following question: Given 
a formula p built from propositional negation, constants, variables and arbitrary temporal 
operators, which of the following three cases occurs: ip is unsatisfiable, ip is a tautology, 
or p is not equivalent to a constant function. We also show that in the latter case, p is 
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equivalent to a formula using only the above operators in which no constant appears. We 
will call these formulae temporal ^-formulae. 

We give inductive criteria for these cases. Obviously, a constant c is constant, and a 
variable is not, and can be written in the way defined above. The formula —xp is equivalent 
to the constant c if and only if <p is equivalent to —>c, otherwise it is equivalent to a temporal 
-i-formula. If p = Fpi, p = Gy>i, or ip = X<p\, then <p is equivalent to a constant c if and 
only if <p\ is equivalent to c : Obviously Fc = Gc = Xc = c for a constant. On the other hand, 
if tpi is not equivalent to a constant, then due to induction, it is equivalent to a temporal 
-i-formula. Hence, Fpi, Gp\ and Xpi are equivalent to temporal -i-formulae as well, and 
due to the proof of Theorem 13.51 [2 these formulae are not equivalent to constants. Hence, 
if (pi is not equivalent to a constant, then <p is not equivalent to a constant either, and can 
be written as a temporal -i-formula. 

Now, let p = p\\}p2- If ^2 is a tautology, i.e., equivalent to the constant 1, then, by 
the definition of U, p is a tautology as well. Similarly, if p2 is equivalent to the constant 0, 
then so is p. Now assume that <p2 is not constant. Then, by induction, <p2 is equivalent to 
a temporal -i-formula. If p\ is equivalent to the constant 0, then p\\)p2 is equivalent to p2, 
and if p\ is equivalent to 1, then </?iUy?2 is equivalent to F<^2- If Pi is not equivalent to a 
constant, then, by induction, it can be written as a temporal -i-formula, and obviously, this 
also holds for p\\Jp2- Again due to the proof of Theorem 13.51 El it follows that the entire 
formula p is not equivalent to a constant. 

For the operator S, a similar argument can be made: Consider the formula p\Sp2- 
If p2 is a constant, then obviously the formula p\Sp2 is equivalent to the same constant. 
If p\ is the constant 0, then <piS<p2 is equivalent to p2, and if p\ is the constant 1, then 
p\Sp2 is equivalent to ll p2 wa s true at one point in the past." If p>2 is not a constant, 
then this is equivalent to ^P2$P2, and thus this can be written as a temporal -i-formula as 
well. As above, this formula is not equivalent to a constant. Now if both p\ and p2 are 
not equivalent to a constant function, then, by induction, both can be written as temporal 
-■-formulae, and then p\Sp2 can be written as such a formula as well. In particular, with 
another application of the proof for Theorem 13. 5l l2l p\Sp2 is not equivalent to a constant. 

This gives us a recursive algorithm deciding whether p is a constant, and if it is, which 
constant is equivalent to p. The polynomial-time computable function An is defined as 
follows: On input p, Aj\r(p) = c £ {0, 1} if p is equivalent to the constant c, and A^(p) is 
the symbol NDCDNSTANT if p is not equivalent to a constant. 

The function can be computed as follows: An{c) is defined as c. For a variable x, 
An(x) is the symbol N0C0NSTANT. On input Xp, Gp, or Fip, the algorithm returns Ajy(p). 
On input p\\}p2, if P2 is a constant c, then A^{jp\\]p2) = c. Otherwise, if p\ is equivalent to 
0, then return A^(p2), and if p\ is equivalent to 1, return Apj(Fp2)- If neither p\ nor p2 are 
constant, then return the symbol NDCDNSTANT. Similarly, on input <p\S(p2, if P2 is a constant 
c, then An(p>\S<P2) = c. Otherwise, if p\ is the constant 0, then A^{ip\Sp2) = Aj^(p2), and 
if pi is the constant 1, and p>2 is not a constant, then Aj\[(piSp2) is defined as the symbol 
N0C0NSTANT. If p\ and p>2 both are not a constant, then A^{Lp\Sp2) is again defined as 
the symbol N0C0NSTANT. The function An can obviously be computed in polynomial time, 
since there is at most one recursive call for each operator symbol in p. 

By the argument above, this algorithm correctly determines if p is equivalent to the 
constant or the constant 1. In particular, it determines if a given formula is satisfiable. Q 

Theorem 3.7. Let B be a finite subset ofM. Then SAT({F, G, X, U, S}, B) can be decided 
in polynomial time. 
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Proof. Remember that M is the clone of all monotone functions. Let <p be an arbitrary 
formula from L({F, G, X, U, S}, B). The following algorithm decides whether p is satisfiable. 

Algorithm LTL-M-Sat 
repeat 

Replace all propositional sub-formulae that are unsatisfiable by 
Replace all sub-formulae FO, GO, XO, ip\J0, ipSO by 
Replace all sub-formulae OU-0, OSip by ip 

Replace all sub-formulae ip(ipi, • • • , <fk) by if ip G B and ip(fi, ■ ■ ■ , <p' k ), where p\ = 

if (fi = and (p' i = 1 otherwise, is not true 
until there are no changes anymore 
if ip = then 

return "unsatisfiable" 
else 

return "satisfiable" 
end if 

Since checking satisfiability of propositional S-formulae is in P (a .B-formula ip is satis- 
fiable iff tp(l, . . . , 1) = 1) and there are at most as many replacements as there are operators 
in ip, LTL-M-Sat runs in polynomial time. 

We prove that LTL-M-Sat is correct. If tp is satisfiable, then LTL-M-Sat returns 
"satisfiable." This is because all replacements in LTL-M-Sat do not affect satisfiability, 
so it follows that every formula LTL-M-Sat decides to be unsatisfiable is unsatisfiable. 
For the converse direction, let p G L({F, G, X, U, S}, B) be such that LTL-M-Sat returns 
"satisfiable" and let ip' be the formula generated by LTL-M-Sat in its REPEAT loop. We 
show by induction on the structure of ip that S, so \= p, where S = (s, V<p, £) is the structure 
in which every variable is true in every state, i.e., £( s i) = V v for every i £ N. 

(1) If <p is a variable, it is satisfied in S, sq trivially. 

(2) If ip = Ftp for a formula ip G L({F, G, X, U, S}, B), let ip' be the formula generated in 
the REPEAT loop when performing LTL-M-Sat on ip. Assume that ip' = 0. Since 
every subformula replaced in ip by LTL-M-Sat will be replaced in p, too, it holds that 
Fip will be replaced by FO and that will be replaced by 0. It follows that p' = 0, but 
then LTL-M-Sat would return "unsatisfiable." Thus, ip' ^ 0, that means LTL-M-Sat 
returns "satisfiable" when performed on ip. By induction it follows that S, sq N ip and 
therefore S,sq\= p holds as well. 

(3) If ip = Gip for a formula ip G L({F, G, X, U, S}, B), we can use exactly the same arguments 
as in 2. 

(4) If p> = Xip for a formula ip G L({F, G, X, U, S}, B), we can use the same arguments as in 
2. 

(5) If ip = ipil)ip2 for formulae ipi,ip2 G L({F, G, X, U, S}, B), we have that ip2 cannot be 
replaced by (otherwise p would be replaced by and LTL-M-Sat would return 
"unsatisfiable"). So by induction it follows that S, sq \= ip2- Hence, it holds that 
S, sq \= <p as well. 

(6) If ip = ipiSip2 for formulae ip\,ip2 G L({F, G,X, U, S}, B), we can use the same arguments 
as for 5. 

(7) If p = ip(p\, ■ ■ ■ , Pk) for formulae ip G B and tpi G L({F, G, X, U, S}, B), for all i = 
1, . . . , k, let ip' ± , . . . , ip' k be the replacements of p±, . . . , ip^. By induction it follows that 
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S, so \= cpi if and only if tp^ ^ for any i € {1, . . . , k}. Since tp' ^ and because of the 
last replacement rule, S, sq\= tp. □ 

Finally, we show that satisfiability for formulae that have X as a modal operator and the 
xor function © as a prepositional operator is in P. This is true because functions described 
by these formulae have a high degree of symmetry. 

Theorem 3.8. Let B be a finite subset ofL. Then SAT({X}, B) can be decided in polynomial 
time. 

Proof. First observe that any function from L is of the form f(x±, ... ,x n ) = x^ ©• • -©Xj fe ©c, 
where the X{. are pairwise different variables from the set {x±, . . . , x n } , and c is either or 1. 
Therefore, it is obvious that temporal l?-formulae can be rewritten using only the connectors 
© and the constant 1 (the can be omitted in the representation above). Hence, we can 
assume that the set B contains only the functions © and 1. Now observe that any formula 
(p from L({X}, {©, 1}) can be written as 

tp = Xip! © • • • © Xip k © ip, 

where ip is a propositional formula. This representation can be computed in polynomial 
time, and we can determine in polynomial time whether ip is a constant function. 

If ip is not a constant function, then tp is satisfiable: Let S = (s, Vw,£) be an arbitrary 
structure. If (p is not satisfied at sq, then we can "switch over" the current truth value of ip, 
thus achieving that one more (or one less) of the arguments of the outermost xor function 
becomes true. For this purpose, we change the assignment of the propositional variables at 
so in such a way that the new assignment satisfies ip if and only if the old assignment does 
not. Since this change does not affect the validity of the Xipi parts, tp holds at sq with the 
new assignment. 

Now, if ip is constant, this trick does not work. Instead, let 

tp' = ipi®---®ip k - 

Observe that in this case tp is satisfiable if and only if ip is the constant and tp 1 is satisfiable, 
or if ip is the constant 1 and tp 1 is no tautology; and that tp is a tautology if and only if 
ip is the constant and tp' is a tautology, or ip is the constant 1 and tp' is not satisfiable. 
Thus we have an iterative algorithm deciding SAT({X}, {©, 1}), since for a propositional 
£?-formula, these questions can be efficiently decided. □ 



4. Conclusion 

We have almost completely classified the computational complexity of satisfiability for 
LTL with respect to the sets of propositional and temporal operators permitted, see Table 
[3l The only case left open is the one in which only propositional operators constructed from 
the binary xor function (and, perhaps, constants) are allowed. This case has already turned 
out to be difficult to handle — and hence was left open — in [BHSS06J for modal satisfiability 
under restricted frames classes. The difficulty here and in [BHSS06] is reflexivity, i.e., the 
property that the formula Ftp is satisfied at some state if tp is satisfied at the same state. 
This does not allow for a separate treatment of the propositional part (without temporal 
operators) and the remainder of a given formula. 

Our results bear an interesting resemblance to the classifications obtained in [Lew 79] 
and in [BHSS06J. In all of these cases (except for one of the several classifications obtained 
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temporal operators 
function class B (propositional operators) 


{F}, {G}, 
{F,G}, {X} 


any other 
combination 


BCRjorBCD 




trivial 


trivial 


BCMorBCN 




in P 


in P 


L , L 




? 


? 


else (i.e., B I> Si) 




NP-c. 


PSPACE-c. 



Table 3: Complexity results for satisfiability. The entries "trivial" denote cases in which a 
given formula is always satisfiable. The abbreviation "c." stands for "complete." 
Question marks stand for open questions. 

in the latter), it turns out that sets of Boolean functions B which generate a clone above 
Si give rise to computationally hard problems, while other cases seem to be solvable in 
polynomial time. Therefore, in a precise sense, it is the function represented by the formula 
x Ay which turns problems in this context computationally intractable. These hardness 
results seem to indicate that x Ay and other functions which generate clones above Si have 
properties that make computational problems hard, and this notion of hardness is to a large 
extent independe nt of the actual problem considered. 

In [BMS + 07] . we have separated tractable and intractable cases of the model checking 
problem for LTL with restrictions to the propositional operators. Without such restrictions, 
this problem has the same complexity as satisfiability [SC85| . 

The results from this paper leave two open questions. Besides the unsolved xor case, 
it would be interesting to further classify the polynomial-time solvable cases. Further work 
could also examine related specification languages, such as CTL, CTL*, or hybrid temporal 
languages. 
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